Recent Activity

I've been asked an interesting and, seemingly, trivial question: "How would you protect the hosts in AWS VPC located in different subnets by inspecting traffic between them?" I was also assured that presently, AWS did not have a solution to this problem, as every routing table you create will contain a "local" route, all traffic from all…

Good day. Heads up for all of you that are installing new vSEC instances in AWS with Jumbo take 216, 282 or 292. This is only true for the new AMI R77.30-041.168. Previous version of the AMI works fine with JHFA. JHFA will install "just fine", but you will notice that traffic is not passing the gateway. fwaccel off and traffic starts…

Hi guys, I recently deployed an environment in Azure; to my luck, the environment works fine. But one thing: the Azure GWs are managed by an SMS located in a non-cloud DC, and this SMS also manages 4 AWS gateways. AWS has a 72-core license but it just used 64 cores, with 8 cores remaining in that pool. And now, I have a 64-seat license for Azure, but…

The licensing tool is very limited and seems to have been made in a hurry. The tool does not seem to have any kind of intelligence to the different types of vSEC gateways. For example if you happen to have (like I do) mixed vSEC gateways (PAYG and BYOL) in same CMA, the tool will attach BYOL licenses to PAYG instances as well :s

Hi All, I deployed a CheckPoint VSEC cluster from the Microsoft Azure Marketplace. I see the cluster has a public load balancer, which has the two cluster gateways' outside IPs as front-end IPs. I would like to spin up a second, internal load balancer, which will have the cluster gateways' inside IPs configured. I am able to deploy the load…

In the JSON file you can specify only the public load balancer name; it doesn't count with an internal load balancer. The Azure template for the vSEC cluster is deployed per the design specified here: Deploying a Check Point Cluster in Microsoft Azure

Team, we would like to create Azure Public IP ranges as a destination object in Checkpoint R80.10 vSEC firewalls. Microsoft publishes its IP ranges as XML (https://www.microsoft.com/en-us/download/details.aspx?id=41653). Does anyone have an idea on how to import the .xml file into Checkpoint firewalls using REST API or some other means …

I see what you mean, as it's explicitly listed as "not supported" for Scalable Platforms (but not regular ones) here: How to configure Check Point Security Gateway as HTTP/HTTPS Proxy. In which case, if you're having issues with this, it's worth a TAC case to investigate further.

Hello Pablo, the main reason for that is that from R80.10 the minimum supported number of cores is 2 (you can check all minimum requirements in the release notes). While it technically could work with 1 core, it is not usually recommended for production environments.

Hi All, I have a lot of experience deploying Checkpoint HA Clusters in traditional DCs but have recently been tasked with setting up Checkpoint VPN and Checkpoint Firewalls in an Azure environment. Is it similar to running cpconfig - setup SIC - attach license - download policy etc? If not, is there a guide on how to do this using a provider-1…

No, each cluster will have two interfaces by default. You will have eth0 and eth1. eth0 will be your frontend interface, which is just what Azure calls it, but it will set your default route to go out this interface. eth1 will be your backend interface. There is no VIP to define. So if your frontend subnet is 10.10.10.0/24, eth0 will get assigned…

Hi Folks, I was hoping you could help me out with a query. I'm in the process of setting up a VPN to Amazon AWS, following the Checkpoint guide below. Solution ID: sk100726, How to configure IPsec VPN tunnel between Check Point Security Gateway and Amazon Web Services VPC using static routes. I had a question around the statement below: …